Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2021-06-14 CVE-2021-21439 Improper Handling of Exceptional Conditions vulnerability in Otrs
DoS attack can be performed when an email contains specially designed URL in the body.
network
low complexity
otrs CWE-755
6.5
2021-03-22 CVE-2021-21438 Incorrect Default Permissions vulnerability in Otrs FAQ and Otrs
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category).
network
low complexity
otrs CWE-276
4.0
2021-03-22 CVE-2021-21437 Missing Authorization vulnerability in Otrs products
Agents are able to see linked Config Items without permissions, which are defined in General Catalog.
network
low complexity
otrs CWE-862
4.3
2021-02-08 CVE-2021-21436 Incorrect Default Permissions vulnerability in Customer Frontend 7.0.0/7.0.14
Agents are able to see and link Config Items without permissions, which are defined in General Catalog.
network
low complexity
otrs CWE-276
4.0
2021-02-08 CVE-2021-21435 Information Exposure vulnerability in Otrs
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface.
network
otrs CWE-200
4.3
2021-02-08 CVE-2021-21434 Cross-site Scripting vulnerability in Otrs Survey
Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e.
network
otrs CWE-79
3.5
2021-02-08 CVE-2020-1779 Information Exposure vulnerability in Otrs Ticket Forms
When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information.
network
low complexity
otrs CWE-200
4.0
2020-11-23 CVE-2020-1778 Improper Authentication vulnerability in Otrs
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid.
network
low complexity
otrs CWE-287
4.0
2020-10-15 CVE-2020-1777 Information Exposure vulnerability in Otrs
Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names.
network
low complexity
otrs CWE-200
5.0
2020-07-20 CVE-2020-1776 Insufficient Session Expiration vulnerability in Otrs
When an agent user is renamed or set to invalid the session belonging to the user is keept active.
network
low complexity
otrs CWE-613
4.3